Details
Created: 24 April 2012
A new update of the FreeType software package has been released. The update fixes flaws that a remote attacker could have exploited to execute arbitrary code and to carry out a DoS (Denial of Service) attack.
Package:
FreeType 2.x
Operating systems:
SUSE Linux Enterprise Server (SLES) 10
Severity:
6.9
Problem:
integer overflow, unspecified error, error in a program function, error in a program component, buffer overflow
Exploitation:
remote
Impact:
arbitrary code execution, denial of service (DoS)
Solution:
vendor patch
CVE:
CVE-2010-1797, CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2527, CVE-2010-2541, CVE-2010-2805, CVE-2010-3053, CVE-2010-3054, CVE-2010-3311, CVE-2010-3814, CVE-2010-3855, CVE-2011-2895, CVE-2011-3256
Original advisory ID:
SUSE-SU-2012:0553-1
Source:
SUSE
Problem:
The security flaws arise from multiple buffer overflows, integer overflows, errors in the functions "psh_glyph_find_strong_points" and "FT_Stream_EnterFrame", and an inadequate implementation of the "LZW decompressor" component.
Impact:
A remote attacker can exploit these vulnerabilities to cause a denial of service (DoS) and to execute arbitrary code.
Solution:
All users of the affected software package are advised to upgrade to newer versions.
Original advisory text
SUSE Security Update: Security update for freetype2
______________________________________________________________________________
Announcement ID:    SUSE-SU-2012:0553-1
Rating:             important
References:         #619562 #628213 #629447 #633938 #633943 #635692
                    #647375 #709851 #728044 #730124 #750937 #750938
                    #750939 #750940 #750941 #750943 #750945 #750946
                    #750947 #750948 #750949 #750950 #750951 #750952
                    #750953 #750955
Cross-References:   CVE-2010-1797 CVE-2010-2497 CVE-2010-2498
                    CVE-2010-2499 CVE-2010-2500 CVE-2010-2519
                    CVE-2010-2520 CVE-2010-2527 CVE-2010-2541
                    CVE-2010-2805 CVE-2010-3053 CVE-2010-3054
                    CVE-2010-3311 CVE-2010-3814 CVE-2010-3855
                    CVE-2011-2895 CVE-2011-3256 CVE-2011-3439
                    CVE-2012-1126 CVE-2012-1127 CVE-2012-1129
                    CVE-2012-1130 CVE-2012-1131 CVE-2012-1132
                    CVE-2012-1133 CVE-2012-1134 CVE-2012-1135
                    CVE-2012-1136 CVE-2012-1137 CVE-2012-1138
                    CVE-2012-1139 CVE-2012-1141 CVE-2012-1142
                    CVE-2012-1143
Affected Products:
                    SUSE Linux Enterprise Server 10 SP2
______________________________________________________________________________
An update that fixes 34 vulnerabilities is now available.
Description:
Specially crafted font files could have caused buffer
overflows in freetype, which could have been exploited for
remote code execution.
Security Issue references:
* CVE-2012-1141
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141>
* CVE-2012-1132
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132>
* CVE-2012-1138
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138>
* CVE-2012-1139
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139>
* CVE-2011-2895
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895>
* CVE-2012-1130
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130>
* CVE-2010-3311
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3311>
* CVE-2012-1134
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134>
* CVE-2010-2805
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2805>
* CVE-2010-3814
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3814>
* CVE-2012-1127
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127>
* CVE-2012-1126
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126>
* CVE-2010-1797
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1797>
* CVE-2010-3855
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3855>
* CVE-2010-2497
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2497>
* CVE-2012-1142
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142>
* CVE-2010-3053
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3053>
* CVE-2012-1133
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133>
* CVE-2012-1137
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137>
* CVE-2011-3439
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3439>
* CVE-2012-1136
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136>
* CVE-2012-1143
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143>
* CVE-2011-3256
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3256>
* CVE-2012-1129
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129>
* CVE-2012-1131
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131>
* CVE-2010-3054
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3054>
* CVE-2012-1135
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135>
* CVE-2010-2498
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2498>
* CVE-2010-2499
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2499>
* CVE-2010-2500
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2500>
* CVE-2010-2519
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2519>
* CVE-2010-2520
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2520>
* CVE-2010-2527
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2527>
* CVE-2010-2541
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2541>
Package List:
- SUSE Linux Enterprise Server 10 SP2 (i586 s390x x86_64):
freetype2-2.1.10-18.22.21.25
freetype2-devel-2.1.10-18.22.21.25
ft2demos-2.1.10-19.18.21.7
- SUSE Linux Enterprise Server 10 SP2 (s390x x86_64):
freetype2-32bit-2.1.10-18.22.21.25
freetype2-devel-32bit-2.1.10-18.22.21.25
References:
http://support.novell.com/security/cve/CVE-2010-1797.html
http://support.novell.com/security/cve/CVE-2010-2497.html
http://support.novell.com/security/cve/CVE-2010-2498.html
http://support.novell.com/security/cve/CVE-2010-2499.html
http://support.novell.com/security/cve/CVE-2010-2500.html
http://support.novell.com/security/cve/CVE-2010-2519.html
http://support.novell.com/security/cve/CVE-2010-2520.html
http://support.novell.com/security/cve/CVE-2010-2527.html
http://support.novell.com/security/cve/CVE-2010-2541.html
http://support.novell.com/security/cve/CVE-2010-2805.html
http://support.novell.com/security/cve/CVE-2010-3053.html
http://support.novell.com/security/cve/CVE-2010-3054.html
http://support.novell.com/security/cve/CVE-2010-3311.html
http://support.novell.com/security/cve/CVE-2010-3814.html
http://support.novell.com/security/cve/CVE-2010-3855.html
http://support.novell.com/security/cve/CVE-2011-2895.html
http://support.novell.com/security/cve/CVE-2011-3256.html
http://support.novell.com/security/cve/CVE-2011-3439.html
http://support.novell.com/security/cve/CVE-2012-1126.html
http://support.novell.com/security/cve/CVE-2012-1127.html
http://support.novell.com/security/cve/CVE-2012-1129.html
http://support.novell.com/security/cve/CVE-2012-1130.html
http://support.novell.com/security/cve/CVE-2012-1131.html
http://support.novell.com/security/cve/CVE-2012-1132.html
http://support.novell.com/security/cve/CVE-2012-1133.html
http://support.novell.com/security/cve/CVE-2012-1134.html
http://support.novell.com/security/cve/CVE-2012-1135.html
http://support.novell.com/security/cve/CVE-2012-1136.html
http://support.novell.com/security/cve/CVE-2012-1137.html
http://support.novell.com/security/cve/CVE-2012-1138.html
http://support.novell.com/security/cve/CVE-2012-1139.html
http://support.novell.com/security/cve/CVE-2012-1141.html
http://support.novell.com/security/cve/CVE-2012-1142.html
http://support.novell.com/security/cve/CVE-2012-1143.html
https://bugzilla.novell.com/619562
https://bugzilla.novell.com/628213
https://bugzilla.novell.com/629447
https://bugzilla.novell.com/633938
https://bugzilla.novell.com/633943
https://bugzilla.novell.com/635692
https://bugzilla.novell.com/647375
https://bugzilla.novell.com/709851
https://bugzilla.novell.com/728044
https://bugzilla.novell.com/730124
https://bugzilla.novell.com/750937
https://bugzilla.novell.com/750938
https://bugzilla.novell.com/750939
https://bugzilla.novell.com/750940
https://bugzilla.novell.com/750941
https://bugzilla.novell.com/750943
https://bugzilla.novell.com/750945
https://bugzilla.novell.com/750946
https://bugzilla.novell.com/750947
https://bugzilla.novell.com/750948
https://bugzilla.novell.com/750949
https://bugzilla.novell.com/750950
https://bugzilla.novell.com/750951
https://bugzilla.novell.com/750952
https://bugzilla.novell.com/750953
https://bugzilla.novell.com/750955
http://download.novell.com/patch/finder/?keywords=7476e36b394db4aa52c01037bbfd62ee